Data processing apparatus in which data is accessed in response to an access request from a plurality of access request sources

ABSTRACT

A data processing apparatus is provided which is capable of improving the responsiveness of communication in which only a maximum of one access request source has write authorization and the other access requests do not have write authorization when communication is performed with a plurality of access request sources. A management apparatus transmits, to a secure application module (SAM), a strong connection request requesting the obtainment of write authorization into the SAM. When it is determined that the strong connection has not already been assigned to the other management apparatuses, the SAM assigns the strong connection to the management apparatus in a state in which a weak connection having read authorization with the management apparatuses is maintained.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.11/017,823, filed Dec. 22, 2004, issued Jun. 30, 2009 as U.S. Pat. No.7,555,653, and is based upon and claims the benefit of priority fromprior Japanese Patent Application No. 2004-004824 filed in the JPO onJan. 9, 2004, the entire contents of each of which are incorporatedherein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a data processing apparatus for writingdata into a memory in response to an access request, a program for usetherewith, and a method for use therewith.

2. Description of the Related Art

For example, a data processing apparatus for providing various kinds ofservices to a communication party after mutual authentication isperformed with the communication party is known. Such a data processingapparatus has stored therein various setting data used for processingfor the mutual authentication and services described above; for example,the above-described setting data is written into a plurality ofmanagement apparatuses. In such a data processing apparatus, in orderthat the writing of the above-mentioned setting data from a plurality ofmanagement apparatuses do not conflict with each other, when a writingrequest is received from one management apparatus, the connection withthe other management apparatuses is disconnected, and the connection isestablished only with the management apparatus of the transmissionsource of the writing request.

However, in the above-described system, the data processing apparatusdisconnects the connection with the other management apparatuses whenthe connection is established with only the management apparatus of thetransmission source of the writing request. Therefore, when a request isreceived thereafter from the other management apparatuses, it isnecessary to establish a connection again with the other managementapparatuses, presenting the problem in that responsiveness is poor.Another problem is that, when the data processing apparatus is managedfrom management apparatuses that are disposed at a plurality oflocations, in reality, however, only the management at one location canbe guaranteed unless there is a guarantee for simultaneous writing.

SUMMARY OF THE INVENTION

The present invention has been made in view of such a situation. Anobject of the present invention is to provide a data processingapparatus capable of granting write authorization to a maximum of oneaccess request source when communication is performed with a pluralityof access request sources and increasing responsiveness of communicationwith the other access request sources that do not have writeauthorization, a program for use therewith, and a method for usetherewith.

To achieve the above-mentioned object, in a first aspect, the presentinvention provides a data processing apparatus in which data is accessedin response to an access request from a plurality of access requestsources, the data processing apparatus including: storage means forstoring data; assignment means for assigning a connection having writeauthorization to the access request source in response to a connectionrequest in which the write authorization is specified, which is receivedfrom the access request source, so that a maximum of one connection fromamong connections that are simultaneously assigned to the plurality ofaccess request sources becomes a connection having the writeauthorization with respect to the storage means; and control means forpermitting writing into the storage means in response to an accessrequest on condition that the connection having the write authorizationis assigned to the access request source when the access requestassociated with writing into the storage means is received from theaccess request source via the connection assigned to the access requestsource by the assignment means.

In the data processing apparatus in accordance with the first aspect ofthe present invention, the assignment means simultaneously may assign aconnection having write authorization to the access request source inresponse to a connection request in which the write authorization isspecified, which is received from the access request source, so that amaximum of one connection from among connections that are simultaneouslyassigned to the plurality of access request sources becomes a connectionhaving the write authorization with respect to the storage means. Thecontrol means may permit writing into the storage means in response toan access request on condition that the connection having the writeauthorization is assigned to the access request source when the accessrequest associated with writing into the storage means is received fromthe access request source via the connection assigned to the accessrequest source by the assignment means.

In a second aspect, the present invention provides a program executed bya data processing apparatus in which data is accessed in accordance withan access request from a plurality of access request sources, theprogram including: a first procedure for assigning a connection havingwrite authorization to the access request source in response to aconnection request in which the write authorization is specified, whichis received from the access request source, so that a maximum of oneconnection from among connections that are simultaneously assigned tothe plurality of access request sources becomes a connection having thewrite authorization with respect to the storage means; and a secondprocedure for permitting writing into the storage means in response toan access request on condition that the connection having the writeauthorization is assigned to the access request source when the accessrequest associated with writing into the storage means is received fromthe access request source via the connection assigned to the accessrequest source in the first procedure.

In the program in accordance with the second aspect of the presentinvention, the first procedure may assign a connection having writeauthorization to the access request source in response to a connectionrequest in which the write authorization is specified, which is receivedfrom the access request source, so that a maximum of one connection fromamong connections that are simultaneously assigned to the plurality ofaccess request sources becomes a connection having the writeauthorization with respect to the storage means. The second proceduremay permit writing into the storage means in response to an accessrequest on condition that the connection having the write authorizationis assigned to the access request source when the access requestassociated with writing into the storage means is received from theaccess request source via the connection assigned to the access requestsource in the first procedure.

In a third aspect, the present invention provides a data processingmethod executed by a data processing apparatus in which data is accessedin response to an access request from a plurality of access requestsources, the data processing method including: a first step of assigninga connection having write authorization to the access request source inresponse to a connection request in which the write authorization isspecified, which is received from the access request source, so that amaximum of one connection from among connections that are simultaneouslyassigned to the plurality of access request sources becomes a connectionhaving the write authorization with respect to the storage means; and asecond step of permitting writing into the storage mean in response toan access request on condition that the connection having the writeauthorization is assigned to the access request source when the accessrequest associated with writing into the storage means is received fromthe access request source via the connection assigned to the accessrequest source in the first step.

In the data processing method in accordance with the third aspect of thepresent invention, the first step may assign a connection having writeauthorization to the access request source in response to a connectionrequest in which the write authorization is specified, which is receivedfrom the access request source, so that a maximum of one connection fromamong connections that are simultaneously assigned to the plurality ofaccess request sources becomes a connection having the writeauthorization with respect to the storage means. The second step maypermit writing into the storage means in response to an access requeston condition that the connection having the write authorization isassigned to the access request source when the access request associatedwith writing into the storage means is received from the access requestsource via the connection assigned to the access request source in thefirst step.

According to the present invention, it is possible to provide a dataprocessing apparatus capable of granting write authorization to amaximum of one access request source when communication is performedwith a plurality of access request sources and increasing responsivenessof communication with the other access request sources that do not havewrite authorization, a program for use therewith, and a method for usetherewith.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a card system according to a firstembodiment of the present invention;

FIG. 2 is a block diagram of a SAM shown in FIG. 1;

FIG. 3 illustrates functions realized by a CPU shown in FIG. 2;

FIG. 4 illustrates an initial state of the connection between the SAMand management apparatuses shown in FIG. 1;

FIG. 5 illustrates a case in which a strong connection request istransmitted from the management apparatus shown in FIG. 1 to the SAM;

FIG. 6 illustrates a case in which a reset request is transmitted fromthe SAM shown in FIG. 1 to the management apparatuses 13_2, 13_3, and13_4;

FIG. 7 illustrates a case in which a strong connection is formed betweenthe SAM and the management apparatus 13_1;

FIG. 8 is a flowchart illustrating an example of the operation when theSAM receives a strong connection request SCR from the managementapparatus 13_1 in the initial state shown in FIG. 4;

FIG. 9 is a flowchart continuing from FIG. 8 illustrating the example ofthe operation when the SAM receives the strong connection request SCRfrom the management apparatus 13_1 in the initial state shown in FIG. 4;

FIG. 10 is a flowchart illustrating an example of the operation when theSAM receives an access request from the management apparatus shown inFIG. 1; and

FIG. 11 illustrates a case in which one access request is formed by aplurality of access requests COM, which are continuously transmittedfrom the management apparatus 13_1 to the SAM 12.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

A card system according to an embodiment of the present invention willbe described below.

First Embodiment

FIG. 1 is a block diagram of a card system 1 of a first embodiment ofthe present invention. As shown in FIG. 1, the card system 1 includes,for example, an IC card 10, a computer 11, a SAM (Secure ApplicationModule) 12, and management apparatuses 13_1, 13_2, 13_3, and 13_4. Thenumber of management apparatuses may be any number as long as it isplural. Here, the SAM 12 corresponds to a data processing apparatus ofthe present invention. Each of the management apparatuses 13_1 to 13_4corresponds to an access request source of the present invention.

In the card system 1, for example, after an IC (Integrated Circuit) 15of the IC card 10 and the SAM 12 perform authentication via a computer11, they perform processing for predetermined services in cooperation.The SAM 12 has stored therein various kinds of setting data, such as keydata, used for performing authentication between the IC card 10 and theIC 15 and for performing processing for the above-described services.The management apparatuses 13_1 to 13_4 write the various kinds ofsetting data to the SAM 12, and read the setting data from the SAM 12,so that the operation of the SAM 12 is managed. The card system 1 ofthis embodiment has features in the communication method between the SAM12 and the management apparatuses 13_1 to 13_4.

Each component shown in FIG. 1 is described below.

[IC Card 10]

In the IC card 10, the IC 15 is incorporated.

The IC 15 is an anti-tampering electronic circuit having, for example,an incorporated memory, and an interface, and a CPU (Central ProcessingUnit), which is configured in such a manner that data stored in theincorporated memory and data being processed by the CPU cannot beexternally monitored or tampered (difficult to tamper).

The IC 15 performs mutual authentication with the SAM 12 via thecomputer 11, and after the mutual validities are confirmed, the IC 15performs processing for predetermined services in cooperation with theSAM 12.

[Computer 11]

The computer 11 has an interface for exchanging data with the IC 15 ofthe IC card 10, and an interface for exchanging data with the SAM 12.

[SAM 12]

FIG. 2 is a block diagram of the SAM 12 shown in FIG. 1. As shown inFIG. 2, the SAM 12 has, for example, interfaces 12_1 and 12_2, a memory12_3, and a CPU 12_4, these being interconnected with one another via adata line 12_0.

Here, the memory 12_3 corresponds to the storage means of the presentinvention, and as will be described later, assignment means and controlmeans of the present invention are realized by the CPU 12_4.

The SAM 12 is an anti-tampering electronic circuit, which is configuredin such a manner that data stored in the memory 12_3 and data beingprocessed by the CPU 12_3 cannot be externally monitored or tampered(difficult to tamper).

The interface 12_1 performs data input/output with the IC 15 via thecomputer 11 shown in FIG. 1. The interface 12_2 performs datainput/output with the management apparatuses 13_1 to 13_4 shown in FIG.1 via a network. The network is a network based on, for example,Ethernet (trademark), USB (Universal Serial Bus), or IEEE (Institute ofElectrical and Electronics Engineers) 1394.

The interface 12_2 receives, from the management apparatuses 13_1 to13_4, a connection request such as a strong connection request SCR andan access request COM (to be described later). Furthermore, theinterface 12_2 transmits the data used for mutual authentication, etc.,which is output by the CPU 12_4, to the management apparatuses 13_1 to13_4.

The memory 12_3 has stored therein various kinds of setting data SD,such as key data, used for authentication between the IC card 10 and theIC 15 and for processing for the above-described services. In thisembodiment, the management apparatuses 13_1 to 13_4 write (set) thesetting data SD to the memory 12_3. Furthermore, the memory 12_3 hasstored therein a program PRG that is read and executed by the CPU 12_4.

The CPU 12_4 executes the program PRG read from the memory 12_3 so as toperform various kinds of processes (to be described later). In responseto the execution of the program PRG, for example, the CPU 12_4 realizesthe functions of a connection assignment section 21 and an accesscontrol section 22, as shown in FIG. 3.

Here, the connection assignment section 21 corresponds to the assignmentmeans in accordance with the first aspect of the present invention, andthe access control section 22 corresponds to the control means inaccordance with the second aspect of the present invention.

Furthermore, based on the setting data SD stored in the memory 12_3, theCPU 12_4 performs authentication with the IC 15 of the IC card 10 andprocessing for services in cooperation with the IC 15 via the computer11. The functions of the SAM 12 will be described in detail inassociation with an example of the operation of the card system 1 (to bedescribed later).

[Management Apparatuses 13_1 to 13_4]

For each of the management apparatuses 13_1 to 13_4 shown in FIG. 1, aconnection with the SAM 12 is assigned by issuing a connection requestto the SAM 12 (a connection request of the present invention). Then,each of the management apparatuses 13_1 to 13_4 issues an access request(an access request of the present invention) to the SAM 12 via theassigned connection.

When the connection with the SAM 12 is made, each of the managementapparatuses 13_1 to 13_4 transmits apparatus type data ASD indicatingits own type (the data indicating the type of the access request sourceof the present invention) to the SAM 12. The apparatus type data ASD isverified together with the mutual authentication with each of themanagement apparatuses 13_1 to 13_4 in the SAM 12, and is used to definethe execution authorization for the processing, which is granted inresponse to the access request from the management apparatus.

A description is given below of communication between the SAM 12 and themanagement apparatuses 13_1 to 13_4 in the card system 1 with emphasison the operation of the SAM 12 shown in FIGS. 1 to 3.

For example, a case is considered in which, as shown in FIG. 4, as theinitial state, the SAM 12 assigns a weak connection W_C, in which writeauthorization is not assigned to the SAM 12, to each of the managementapparatuses 13_1 to 13_4. Here, each of the management apparatuses 13_1to 13_4 can transmit an access request COM requiring read authorizationto the SAM 12 via the weak connection W_C, but cannot transmit an accessrequest COM requiring write authorization.

In the state shown in FIG. 4, as shown in FIG. 5, the managementapparatus 13_1 transmits, to the SAM 12, a strong connection request SCRrequiring an exclusive access to the SAM 12 (the obtainment of the writeauthorization with respect to the memory 12_3 of the SAM 12).

Upon receiving the strong connection request SCR, the SAM 12 performsmutual authentication with the management apparatus 13_1. When thevalidity is confirmed, then, the SAM 12 determines whether or not thestrong connection S_C has already been assigned to the other managementapparatuses 13_2, 13_3, and 13_4.

When it is determined that the strong connection S_C has not alreadybeen assigned to the other management apparatuses 13_2, 13_3, and 13_4,the SAM 12, as shown in FIG. 6, transmits a reset request CRE forresetting the authorization assigned to the other managementapparatuses, to the other management apparatuses 13_2, 13_3, and 13_4 inthe state in which the weak connection W_C with the other managementapparatuses 13_2, 13_3, and 13_4 is maintained. As a result, theauthorization for the processing that can be performed on the SAM 12 bythe management apparatus on the basis of the access request COM, whichhas been assigned to the other management apparatuses 13_2, 13_3, and13_4 by the SAM 12, is reset.

In this embodiment, the SAM 12 resets the authorization assigned to theassociated management apparatus while the connection with the managementapparatuses 13_2, 13_3, and 13_4 is maintained. For this reason, whenthe management apparatuses 13_2, 13_3, and 13_4 transmit the accessrequest COM to the SAM 12, it is not necessary to perform are-connection operation with the SAM 12, and the responsiveness is good.

Then, as shown in FIG. 7, the SAM 12 assigns the strong connection S_Cto the management apparatus 13_1. As a result, the strong connection S_Cis assigned to a maximum of one management apparatus from among themanagement apparatuses 13_1 to 13_4 by the SAM 12, and it can beguaranteed that writing based on the access request COM is performed tothe memory 12_3 of the SAM 12 from only a single management apparatus.

A description will now be given below of an example of the operation forperforming communication between the SAM 12 and the managementapparatuses 13_1 to 13_4 in the card system 1 shown in FIGS. 1 to 7 withemphasis on the operation of the SAM 12.

[Example of First Operation]

In this example of the operation, a case is described in which the SAM12 receives the strong connection request SCR from the managementapparatus 13_1 in the initial state shown in FIG. 4.

FIGS. 8 and 9 are flowcharts illustrating an example of the operationwhen the SAM 12 receives the strong connection request SCR from themanagement apparatus 13_1 in the initial state shown in FIG. 4.

Each step shown in FIGS. 8 and 9 is performed by the connectionassignment section 21 of the CPU 12_4 shown in FIG. 3. Each step shownin FIGS. 8 and 9 is written within a program PRG, and this constitutesthe first procedure in accordance with the second aspect of the presentinvention. Each step shown in FIGS. 8 and 9 constitutes the first stepin accordance with the third aspect of the present invention.

In step ST1, the CPU 12_4 of the SAM 12 determines whether or not thestrong connection request SCR requiring an exclusive access to the SAM12 (the obtainment of the write authorization to the memory 12_3 of theSAM 12) is received from the management apparatuses 13_1 to 13_4 via theinterface 12_2. When it is determined that the strong connection requestSCR is received, the process proceeds to step ST2.

In this example of the operation, a case is described below in which, asshown in FIG. 5, the SAM 12 receives the strong connection request SCRfrom the management apparatus 13_1.

In step ST2, the CPU 12_4 of the SAM 12 performs mutual authenticationwith the management apparatus 13_1, which is a transmission source ofthe strong connection request SCR in step ST1, in order to confirm themutual validities.

In step ST3, when the CPU 12_4 of the SAM 12 confirms the mutualvalidities in step ST2, the process proceeds to step ST4, and whenotherwise, the process proceeds to step ST5.

In step ST4, the CPU 12_4 of the SAM 12 determines whether or not thestrong connection S_C has already been assigned to any of the managementapparatuses 13_2, 13_3, and 13_4 other than the management apparatus13_1. When it is determined that the strong connection S_C is notassigned, the process proceeds to step ST6. When it is determined thatthe strong connection S_C is assigned, the process proceeds to step ST5.

In step ST5, the CPU 12_4 of the SAM 12 transmits, via the interface12_2, an error notification indicating that the strong connection S_Ccannot be assigned to the management apparatus 13_1.

In step ST6, the CPU 12_4 of the SAM 12 transmits the reset request CREfor resetting the authorization assigned to the other managementapparatuses via the interface 12_2 to the management apparatuses 13_2,13_3, and 13_4 in the state in which the weak connection W_C with themanagement apparatuses 13_2, 13_3, and 13_4 is maintained. As a result,the authorization for the processing that can be performed on the SAM 12on the basis of the access request COM by the associated managementapparatus, the authorization being assigned to the managementapparatuses 13_2, 13_3, and 13_4 by the SAM 12, is reset. As a result,the SAM 12 does not disconnect the weak connection W_C with themanagement apparatuses 13_2, 13_3, and 13_4, but maintains the weakconnection W_C as is.

In step ST7, the CPU 12_4 of the SAM 12, as shown in FIG. 7, assigns thestrong connection S_C to the management apparatus 13_1. As a result, thestrong connection S_C is assigned to a maximum of one managementapparatus from among the management apparatuses 13_1 to 13_4 by the SAM12.

In step ST8, based on the apparatus type data ASD received from themanagement apparatus 13_1 via the interface 12_2, the CPU 12_4 of theSAM 12 grants an authorization for processing that can be performed onthe SAM 12 by the management apparatus 13_1 by using the access requestCOM.

For example, the CPU 12_4 specifies as to whether or not the managementapparatus 13_1 can issue the content (range) of the processing, forexample, a predetermined request of a management system, to the SAM 12by using the access request COM.

In step ST9, the CPU 12_4 of the SAM 12 performs mutual authenticationwith the management apparatuses 13_2, 13_3, and 13_4 via the interface12_2.

In step ST10, when the CPU 12_4 of the SAM 12 confirms the mutualvalidities in step ST9, the process proceeds to step ST11. Whenotherwise, the processing is completed.

In step ST11, based on the apparatus type data ASD received from themanagement apparatuses 13_2, 12_3, and 12_4 via the interface 12_2, theCPU 12_4 of the SAM 12 grants an authorization for processing that canbe performed on the SAM 12 by the management apparatuses 13_2, 13_3, and13_4 on the basis of the access request COM. For example, the CPU 12_4specifies the content (range) of the processing that can be requested tothe SAM 12 by the management apparatuses 13_2, 13_3, and 13_4 by usingthe access request COM.

[Example of Second Operation]

A case is described below of an example of the operation in which theSAM 12 receives the access request COM from the management apparatuses13_1 to 13_4.

FIG. 10 is a flowchart illustrating an example of the operation when theSAM 12 shown in FIG. 1 receives the access request COM from themanagement apparatuses 13_1 to 13_4. Each step shown in FIG. 10 isperformed by the access control section 22 of the CPU 12_4 shown in FIG.3. Each step shown in FIG. 10 is written within the program PRG, andthis constitutes the second procedure of the program in accordance withthe second aspect of the present invention. Furthermore, each step shownin FIG. 10 constitutes the second step in accordance with the thirdaspect of the present invention.

In step ST21, the CPU 12_4 of the SAM 12 determines whether or not theaccess request COM is received from any of the management apparatuses13_1 to 13_4 via the connection assigned to the associated managementapparatus (the strong connection S_C or the weak connection W_C). Whenit is determined that the access request COM is received, the processproceeds to step ST21.

In step ST22, the CPU 12_4 of the SAM 12 performs mutual authenticationwith the management apparatus of the transmission source of the accessrequest COM received in step ST21, and determines whether or not theassociated management apparatus has the authorization for the requestspecified in the access request COM.

In step ST23, when the CPU 12_4 of the SAM 12 determines in step ST22that the associated management apparatus has the above-describedauthorization, the process proceeds to step ST24. When otherwise, theprocess proceeds to step ST25. At this time, when the access request COMrequires write authorization, the CPU 12_4 determines that theassociated management apparatus has the specified request only when theaccess request COM is received from the management apparatuses 13_1 to13_4 via the strong connection S_C.

Furthermore, for example, when the access request COM that does notrequire write authorization is received from the management apparatuses13_1 to 13_4 via the weak connection W_C, the CPU 12_4 determines thatthe associated management apparatus has an authorization regarding thespecified request on condition that the associated management apparatushas a predetermined authorization with regard to the request specifiedby the access request COM.

In step ST24, the CPU 12_4 of the SAM 12 performs processing specifiedby the access request COM received in step ST21. When the access requestCOM is, for example, a reading request, the CPU 12_4 reads the settingdata SD from the memory 12_3 shown in FIG. 2. When the access requestCOM is a writing request, the CPU 12_4 writes the setting data SD intothe memory 12_3.

In step ST25, the CPU 12_4 of the SAM 12 transmits, to the managementapparatus of the transmission source of the access request COM, an errornotification indicating that there is no authorization for theprocessing specified by the access request COM.

As has thus been described, in the card system 1, the SAM 12 assigns thestrong connection S_C to the management apparatus 13_1, and assigns theweak connection W_C to each of the management apparatuses 13_2 to 13_4.

The SAM 12 accepts the access request COM requiring write authorizationinto the memory 12_3 from only the management apparatus 13_1 to whichthe strong connection S_C is assigned, and accepts the access requestCOM that does not require write authorization from the managementapparatuses 13_2 to 13_4 to which the weak connection W_C is assigned.

For this reason, according to the card system 1, when the SAM 12receives the access request COM requiring write authorization from themanagement apparatus 13_1, it is not necessary for the SAM 12 todisconnect the connection with the management apparatuses 13_2 to 13_4,and the weak connection W_C can be maintained.

As a result, thereafter, it is possible for the SAM 12 immediately toreceive the access request COM that does not require write authorizationfrom the management apparatuses 13_2 to 13_4, and thus, a highresponsiveness can be obtained.

Furthermore, in the card system 1, for example, when the SAM 12 assignsthe strong connection S_C to the management apparatus 13_1 in responseto the strong connection request SCR from the management apparatus 13_1,the SAM 12 maintains the weak connection W_C with the managementapparatuses 13_2 to 13_4, but resets the authorization granted to themanagement apparatuses 13_2 to 13_4.

As a result, it is possible to newly grant an authorization to each ofthe management apparatuses 13_2 to 13_4 so that the security when themanagement apparatus 13_1 issues the access request COM to the SAM 12via the strong connection S_C is ensured.

Furthermore, according to the SAM 12, based on the apparatus type dataASD received from each of the management apparatuses 13_1 to 13_4, anauthorization matching the type of the associated management apparatuscan be granted to the associated management apparatus.

Second Embodiment

A case is described below in which one access request is formed by aplurality of access requests COM transmitted continuously from themanagement apparatuses 13_1 to 13_4 to the SAM 12. The SAM 12 of thisembodiment is the same as the SAM 12 described in the first embodimentexcept that the processing described below is further performed.

FIG. 11 illustrates a case in which one access request is formed by aplurality of access requests COM that are continuously transmitted fromthe management apparatus 13_1 to the SAM 12.

In this embodiment, for example, one access request is formed by accessrequests COM1, COM2, and COML shown in FIG. 11. Since an access requestis useful when writing into and reading from the SAM 12 cannot beperformed by one access request. In this embodiment, a description isgiven below of a case in which, in such a case, an access request COM11is transmitted from the management apparatus 13_3 to the SAM 12 at thestage where responses by the SAM 12 to all of the plurality of accessrequests COM1, COM2, and COML are not completed.

In step ST31, the management apparatus 13_1 transmits the access requestCOM1 to the SAM 12.

In step ST32, the CPU 12_4 of the SAM 12 shown in FIG. 2 enters alocked-on state when the first access request COM1 is received via theinterface 12_2 in step ST31.

In step ST33, the CPU 12_4 of the SAM 12 performs predeterminedprocessing, for example, reading of the setting data SD from the memory12_3 or writing of the setting data SD into the memory 12_3, in responseto the access request COM1 received in step ST31, and transmits aresponse R1, which is a response of the above processing, to themanagement apparatus 13_1 via the interface 12_2.

In step ST34, the management apparatus 13_1 transmits the access requestCOM2 to the SAM 12.

In step ST35, in response to the access request COM1 received in stepST34, the CPU 12_4 of the SAM 12 shown in FIG. 2 performs predeterminedprocessing, for example, reading of the setting data SD from the memory12_3 or writing of the setting data SD into the memory 12_3, andtransmits a response R2, which is a response of the above processing, tothe management apparatus 13_3.

In step ST36, the management apparatus 13_3 transmits the access requestCOM11 to the SAM 12.

In step ST37, in response to the access request COM1 received in stepST36, the CPU 12_4 of the SAM 12 determines whether or not the CPU 12_4is in a locked state. Since the CPU 12_4 is in a locked state, an errornotification ERR indicating that the access request COM11 cannot beaccepted is transmitted to the management apparatus 13_1.

In step ST38, the management apparatus 13_1 transmits the access requestCOML to the SAM 12.

In step ST39, in response to the access request COML transmitted in stepST38, the CPU 12_4 of the SAM 12 shown in FIG. 2 performs predeterminedprocessing, for example, reading of the setting data SD from the memory12_3 or writing of the setting data SD into memory 12_3, and transmits aresponse RL, which is a response of the above processing, to themanagement apparatus 13_1 via the interface 12_2.

In step ST40, the CPU 12_4 of the SAM 12 shown in FIG. 2 determines thatthe associated access request is the final one on the basis ofpredetermined identification data within the access request COML, andturns off the locked state set in step ST32 so as to enter a locked-offstate.

In step ST41, based on the error notification ERR received in step ST37,the management apparatus 13_3 transmits the access request COM11 againto the SAM 12.

In step ST42, in response to the access request COM11 received in stepST41, the CPU 12_4 of the SAM 12 shown in FIG. 2 performs predeterminedprocessing, for example, reading of the setting data SD from the memory12_3 or writing of the setting data SD into the memory 12_3, andtransmits a response R11, which is a response of the above processing,to the management apparatus 13_3 via the interface 12_2.

As has thus been described, in this embodiment, the SAM 12 does notaccept the access request COM11 when the access request COM11 istransmitted later to the SAM 12 from the management apparatus 13_3 atthe stage where the responses by the SAM 12 to all of the plurality ofaccess requests COM1, COM2, and COML forming one access request are notcompleted. For this reason, the responsiveness to one access requestformed by the plurality of the access requests COM1, COM2, and COML canbe improved.

According to this embodiment, when one access request formed by theplurality of the access requests COM1, COM2, and COML is a request forreading the setting data SD and the access request COM11 is a requestfor writing the setting data SD, it is possible to prevent the settingdata SD of the memory 12_3 of the SAM 12 from being changed in responseto the writing request while the reading request is being processed.

Third Embodiment

In the above-described first embodiment, as shown in FIG. 10, after theSAM 12 performs mutual authentication with the management apparatuses13_1 to 13_4 of the transmission source of the access request COM, theSAM 12 determines whether or not the associated management apparatus hasan authorization regarding a request specified by the access requestCOM.

In this embodiment, before the access request COM is transmitted to theSAM 12, each of the management apparatuses 13_1 to 13_4 transmits, tothe SAM 12, an inquiry as to whether or not the above-describedexecution authorization as a result of the mutual authentication, whichwas performed previously by the management apparatus on its own with theSAM 12, is held as is.

In response to the inquiry, the SAM 12 transmits a response indicatingwhether or not the execution authorization granted to the associatedmanagement apparatus as a result of the mutual authentication, that is,a response indicating whether or not the process of step ST6 shown inFIG. 8 is performed.

Based on the response received from the SAM 12, each of the managementapparatuses 13_1 to 13_4 transmits the access request COM to the SAM 12,as is performed in step ST21 shown in FIG. 10, when the authorization isnot lost.

According to this embodiment, each of the management apparatuses 13_1 to13_4 can transmit the access request COM, as described in step ST21 ofthe FIG. 10, only when its own execution authorization is not lost. As aresult, it is possible to prevent the SAM 12 from unnecessarilyperforming the processes of steps ST21, ST22, ST23, and ST25. In thiscase, each of the management apparatuses 13_1 to 13_4 does not enter anunwanted waiting state from when the access request COM is issued untilan error notification is received in step ST25.

If the data processing apparatus is provided with a function capable ofobtaining a mutual authentication state so as to operate insynchronization with the management apparatuses, an unwanted wait statecan be avoided.

1. A data processing apparatus in which data is accessed in response toan access request from a plurality of access request sources, said dataprocessing apparatus comprising: a secure memory unit configured tostore data; assignment unit configured to assign a connection havingwrite authorization to the access request source in response to aconnection request in which said write authorization is specified, whichis received from said access request source, so that a maximum of oneconnection from among connections that are simultaneously assigned tosaid plurality of access request source becomes a connection having saidwrite authorization with respect to said secure memory unit; a controlunit configured to permit writing into said secure memory unit inresponse to an access request source when said access request associatedwith writing into said secure memory unit is received from the accessrequest source via said connection assigned to said access requestsource by said assignment unit; and an authentication unit configured todetermine whether the access request source has the authorization for anaccess request, where the authentication unit performs authentication inresponse to each access request that is received from said accessrequest source, the authentication unit performing authentication basedon an apparatus type received from the access request source.
 2. Thedata processing apparatus according to claim 1, wherein said assignmentunit is configured to simultaneously assign a connection that does nothave said write authorization and that has read authorization from saidsecure memory unit, to a single or a plurality of said access requestsources other than said access request source to which a connectionhaving said write authorization is assigned, and said control unit isconfigured to permit reading of data from said secure memory unit whensaid access request associated with reading from said secure memory unitis received from the access request source via the connection havingsaid read authorization assigned to said access request source by saidassignment unit.
 3. The data processing apparatus according to claim 1,wherein, based on data indicating the type of the access request source,which is received from said access request source, said control unit isconfigured to permit granting, to the access request source, anauthorization for processing that can be performed using said accessrequest, and when an access request is received from the access requestsource via the connection assigned to the access request source by saidassignment unit, said control unit is configured to permit performingprocessing specified by the access request on condition that anauthorization for processing specified by the access request is grantedto the access request source.
 4. The data processing apparatus accordingto claim 1, wherein said control unit is configured to permit grantingan authorization for processing that can be performed using said accessrequest to the access request source after the validity of said accessrequest source is authenticated.
 5. The data processing apparatusaccording to claim 1, wherein, when said assigning unit is configured toassign a connection having said write authorization to said accessrequest source, said control unit is configured to permit resetting theauthorization granted to said access request source to which anotherconnection is assigned while the other connection assigned by saidassignment unit is maintained.
 6. The data processing apparatusaccording to claim 5, wherein, in response to a request from said accessrequest source, said control unit is configured to permit transmitting,to the access request source, a reply indicating whether theauthorization granted to the access request source is valid.
 7. The dataprocessing apparatus according to claim 1, wherein, when the requestcomposed of said plurality of access requests is received from saidaccess request source, said control unit is configured to permitaccepting another access request after the processing for said pluralityof access requests is completed, and performing processing for the otheraccess request.
 8. The data processing apparatus according to claim 7,wherein, if said other access request is received before the processingfor said plurality of access requests is completed, the access requestis rejected.